Load Balancing cluster, LVS introduction and scheduling algorithm, LVS NAT mode construction

Source: Internet
Author: User

Introduction to Load Balancing clusters

The main open-source software: LVS, keepalived, HAProxy, Nginx, etc.
LVS works at layer 4 (of the 7-layer OSI network model), Nginx works at layer 7, and HAProxy can be used at layer 4 or at layer 7.
The load balancing in keepalived is actually LVS. A layer-4 load balancer such as LVS can distribute traffic on ports other than 80, for example MySQL, while Nginx only supports HTTP, HTTPS and mail; HAProxy also supports MySQL.
In comparison, layer-4 LVS is more stable and can withstand more requests, while layer-7 Nginx is more flexible and can meet more customized requirements.

LVS Introduction

LVS was developed by Zhang Wensong and is as popular as Apache httpd. It is based on TCP/IP routing and forwarding, and is stable and efficient.
The latest version of LVS is based on Linux kernel 2.6 and has not been updated for many years.
LVS has three common modes: NAT, DR and IP Tunnel.
A core role in the LVS architecture is the dispatcher (load balancer), which distributes users' requests; there are also a number of servers that handle the requests (real servers, RS).

LVS NAT Mode

This mode is implemented with the iptables nat table. After a user's request reaches the dispatcher, preset iptables rules forward the request packet to a back-end RS.
Each RS needs its gateway set to the dispatcher's intranet IP.
Both the request packets from users and the packets returned to users pass through the dispatcher, so the dispatcher becomes the bottleneck.
In NAT mode only the dispatcher has a public IP, so this mode is economical with public IP resources.

LVS IP tunnel mode

In this mode a public IP, which we call the VIP, must be configured on the dispatcher and on all RS.
The target IP of a client request is the VIP. When the dispatcher receives the request packet it processes the packet, changing the target IP to the IP of an RS, so that the packet goes to that RS.
When the RS receives the packet it restores the original packet, so that the target IP is the VIP again. Because the VIP is configured on all RS, the RS treats the packet as its own.

LVS DR Mode

This mode also needs a common IP, the VIP, configured on the dispatcher and on all RS.
Unlike IP tunnel mode, the dispatcher changes the MAC address of the packet to the MAC address of an RS.
When the RS receives the packet it restores the original packet, so that the target IP is the VIP. Because the VIP is configured on all RS, the RS treats the packet as its own.

The scheduling algorithms of LVS

Round robin: Round-Robin (rr)
Weighted round robin: Weighted Round-Robin (wrr)
Least connection: Least-Connection (lc)
Weighted least connection: Weighted Least-Connection (wlc)
Locality-based least connection: Locality-Based Least Connections (lblc)
Locality-based least connection with replication: Locality-Based Least Connections with Replication (lblcr)
Destination address hashing: Destination Hashing (dh)
Source address hashing: Source Hashing (sh)
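
To make the first two schedulers concrete, the following added example (not from the original page, and a simplified model rather than the kernel code) reproduces the order in which rr and wrr pick real servers. The helper name lvs_schedule and its name:weight argument format are assumptions of this example.

```shell
#!/bin/bash
# Added example: model of how the rr and wrr schedulers order real servers.
# Usage: lvs_schedule ALGO COUNT "name:weight name:weight ..."  (hypothetical helper)
# Weights are the values given to ipvsadm with -w and must be positive here.
lvs_schedule() {
    awk -v algo="$1" -v count="$2" -v servers="$3" '
        function gcd(a, b,    t) { while (b != 0) { t = a % b; a = b; b = t } return a }
        BEGIN {
            n = split(servers, item, " ")
            for (k = 1; k <= n; k++) {
                split(item[k], f, ":")
                name[k] = f[1]; w[k] = f[2] + 0
                if (w[k] > max) max = w[k]
                g = (k == 1) ? w[k] : gcd(g, w[k])
            }
            if (n == 0 || max <= 0) exit 1    # no servers or no usable weight
            i = 0; cw = 0; out = ""
            for (c = 0; c < count; c++) {
                if (algo == "rr") {
                    i = i % n + 1             # next server, weights ignored
                } else {                      # wrr
                    do {
                        i = i % n + 1
                        if (i == 1) {         # finished a pass: lower the threshold
                            cw -= g
                            if (cw <= 0) cw = max
                        }
                    } while (w[i] < cw)       # skip servers below the threshold
                }
                out = out (c ? " " : "") name[i]
            }
            print out
        }'
}

lvs_schedule rr  4 "rs1:1 rs2:1"          # two RS with weight 1, as on this page
lvs_schedule wrr 9 "rs1:4 rs2:3 rs3:2"    # constructed weights
```

With equal weights wrr degenerates to plain alternation, which is why the choice of scheduler only becomes visible once the -w values differ.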

LVS NAT Mode Setup

NAT Mode Setup – Prep work
Three machines:
Dispatcher, also known as the scheduler (dir)
Intranet: 218.130, extranet: 194.128 (VMware host-only mode)
rs1
Intranet: 218.129, gateway set to 192.168.218.2
rs2
Intranet: 218.131, gateway set to 192.168.218.2
Execute on all three machines
systemctl stop firewalld
systemctl start iptables; iptables -F; service iptables save

Installing ipvsadm on dir
yum install -y ipvsadm

Scripting on the dir (dispatcher)
vim /usr/local/sbin/lvs_nat.sh
#!/bin/bash
# Turn on routing forwarding on the director server
echo 1 > /proc/sys/net/ipv4/ip_forward
# Turn off sending of ICMP redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
# Note the names of the network cards; my two NICs here are ens33 and ens37
echo 0 > /proc/sys/net/ipv4/conf/ens33/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/ens37/send_redirects
# Director: set the NAT firewall rules
iptables -t nat -F
iptables -t nat -X
iptables -t nat -A POSTROUTING -s 192.168.64.0/24 -j MASQUERADE
# Director: set the ipvsadm rules
IPVSADM='/usr/sbin/ipvsadm'
$IPVSADM -C
# -C = clear, purge the existing rules
$IPVSADM -A -t 192.168.64.151:80 -s rr
# -A = add, adds a virtual service and defines its scheduling algorithm;
# -t: TCP service address, the dispatcher IP (external network IP) and port;
# -s: specifies the scheduling algorithm;
# -p: specifies the persistence time-out in seconds (sticky sessions: requests from the same client are distributed to the same RS).
# Because adding the -p option affects the test result, it is not used here (note: the time cannot be set to 0)
$IPVSADM -a -t 192.168.64.151:80 -r 192.168.159.131:80 -m -w 1
$IPVSADM -a -t 192.168.64.151:80 -r 192.168.159.132:80 -m -w 1
# -a = add, adds an RS to the NAT architecture;
# -r: specifies the IP of the RS;
# -m: specifies the LVS mode as NAT (masquerade);
# -w = weight, assigns the weight

Execute the script:
sh /usr/local/sbin/lvs_nat.sh
No error output means the script executed successfully.

To view the ipvsadm rules:
# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.64.151:80 rr
  -> 192.168.159.131:80           Masq    1      0          0
  -> 192.168.159.132:80           Masq    1      0          0
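
The table above can also be checked mechanically after every change to the script. The following is an added example, not part of the original page: the function name audit_lvs_nat and its finding labels are assumptions, and the second sample table is constructed to show the failure cases.

```shell
#!/bin/bash
# Added example. Usage on the director:  ipvsadm -Ln | audit_lvs_nat
# Prints one finding per line, or "OK"; exit status is 1 when anything was found.
audit_lvs_nat() {
    awk '
        function close_vs() {
            if (vs != "" && nrs == 0) { print "NO_RS " vs; bad++ }
        }
        # A virtual service line starts a new group of real servers
        $1 == "TCP" || $1 == "UDP" { close_vs(); vs = $2; nrs = 0; next }
        # A real server line (skip the column header, which also starts with "->")
        $1 == "->" && $2 != "RemoteAddress:Port" {
            nrs++
            if ($3 != "Masq") { print "NOT_NAT " vs " " $2 " " $3; bad++ }
            if ($4 + 0 == 0)  { print "WEIGHT0 " vs " " $2; bad++ }
        }
        END { close_vs(); if (!bad) print "OK"; exit (bad ? 1 : 0) }
    '
}

# Sample 1: the table shown on this page.
sample_good() { cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.64.151:80 rr
  -> 192.168.159.131:80           Masq    1      0          0
  -> 192.168.159.132:80           Masq    1      0          0
EOF
}

# Sample 2 (constructed): wrong forwarding mode, a weight of 0, a service with no RS.
sample_bad() { cat <<'EOF'
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.64.151:80 rr
  -> 192.168.159.131:80           Route   1      0          0
  -> 192.168.159.132:80           Masq    0      0          0
TCP  192.168.64.151:443 rr
EOF
}

sample_good | audit_lvs_nat
sample_bad  | audit_lvs_nat || true
```

An RS with weight 0 receives no new connections, and a virtual service without any RS accepts packets on the VIP that nothing can answer, so both are worth flagging before the curl test.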

Configure RS

Install Nginx on both RS and set a different home page on each to tell the two machines apart.

yum install -y nginx
systemctl start nginx

If Nginx was installed with yum, its home page file is /usr/share/nginx/html/index.html

Test

Access the extranet IP: 192.168.194.128

# curl 192.168.194.128
This is real server 2
# curl 192.168.194.128
This is real server 1
# curl 192.168.194.128
This is real server 2
# curl 192.168.194.128
This is real server 1
